7.8. I'm Having Trouble Connecting to an Existing Network
Unfortunately, there are so many ways networks can go wrong that they're hard even to categorize, much less describe and solve. With the development of wireless networks, potential problems have multiplied.
When diagnosing network problems, the first thing to remember is that most problems are physical. If you rush to change your networking software when the problem is just a hub without power, you could make things worse. As wireless networks have their own physical and software issues, we discuss this issue separately at the end of this annoyance.
After you fix a network problem, you may need to revise a configuration file to keep the problem from happening again the next time you boot. Generally, most modern distributions store these configuration files in the /etc/sysconfig/network or similar directories. If you have trouble finding the right file, Red Hat/Fedora, SUSE, and Debian all have excellent GUI utilities that can help you configure basic network interfaces.
7.8.1. Isolating the Problem
Chances are good that you already have a working LAN. But trouble is sure to happen from time to time. Cables can fray or become loose. Heat can cause network cards to work their way out of their slots. Power may cycle on your hub, switch, or router. And the first symptom you see may be network trouble on your Linux system.
In this section, I list potential problems to check step by step. As you gain experience, you may be able to isolate the problem more quickly.
184.108.40.206. Basic loopback connections
Check whether networking is operational by looking at the status of your loopback connections, one that doesn't depend at all on networking hardware. Output from the ifconfig command should list active network adapters. As long as network software is installed, you should see output at least from your loopback adapter, similar to:
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:533496 errors:0 dropped:0 overruns:0 frame:0 TX packets:533496 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:75134145 (71.6 MiB) TX bytes:75134145 (71.6 MiB)
If you don't see a loopback interface, it may be down. You can try to activate it with the following command:
/sbin/ifconfig lo up
You should also be able to verify the loopback interface with the following command:
Now try the ifconfig command again. If this doesn't work, the problems are deeper than I can address in this annoyance.
220.127.116.11. Checking network interfaces
Assuming you have network adapters on your system, you should also see their output from ifconfig. If you don't, try activating the associated interfaces. Assuming they're Ethernet or wireless adapters, try the following commands:
/sbin/ifconfig eth0 up /sbin/ifconfig wlan0 up
Then run ifconfig again. You should see output such as:
eth0 Link encap:Ethernet HWaddr 00:0D:9D:86:36:A0 inet6 addr: fe80::20d:9dff:fe86:36a0/64 Scope:Link UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:297 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:99454 (97.1 KiB) Interrupt:10 Base address:0xe000
If you still don't see your network cards, you may have a physical problem with the card or connection; read ahead for more information. But assuming you're on an IPv4 network, there's still a problem. You need an IPv4 network address.
If there's a DHCP server for your network, check it with your DHCP client command. Different distributions use client commands such as dhcpcd, dhclient, and pump to ask for an address from that server. If you have multiple interfaces, you should specify one; for instance, the following command asks for DHCP service for the Ethernet card on my computer:
Ideally, you'll now see something similar to the following IPv4 address information in the output to ifconfig:
inet addr:192.168.0.11 Bcast:192.168.0.255 Mask:255.255.255.0
Now you can test the connection between your computer and the network card. In this case, you can do so with the following command:
You'll need to stop the output by pressing Ctrl-C. Alternatively, you could use the -c 4 switch to limit the output to four pings, i.e.:
ping -c 4 192.168.0.11
18.104.22.168. Checking connectivity
Now you can check connectivity to the rest of the network. The first step is to check the connectivity to a neighboring computer. If you're a Linux administrator for the network, you should be able to find these addresses through /etc/hosts or a local DNS computer IP address in /etc/resolv.conf.
For example, the following command verifies connectivity to my Internet gateway router:
Next, you can check connectivity to your network's IP address on the Internet. It's available through the other network interface on your gateway computer or router. If the gateway is a Linux or Unix system, you can find the interface's address with an ifconfig command on that computer. If it's another operating system, consult appropriate documentation.
For example, if the Internet address on my network gateway is 22.214.171.124, I'd try:
Now, unless you know a specific IP address on the Internet, that's as far as you can go with just IP addresses.
126.96.36.199. Checking names on your LAN
As we don't normally connect to the Internet with IP addresses in our browsers, we also need to check connectivity through computer names. If you've configured static IP addresses, you should be able to find the computer names on your network in /etc/hosts. Alternatively, if you have a DNS server for your network, you should be able to find the list with the appropriate host command. For example, if you use example.com as your private network domain, you'd run:
host -l example.com
The host -la command may be required for later versions of DNS.
I had previously configured example.com on my network; one of the results was enterprise3d.example.com, which I could then ping from another computer on my network.
ping -c 4 enterprise3d.example.com
188.8.131.52. Checking names on the Internet
If you're connected to the Internet, you can check name connectivity in a wider setting. Run the ping command to your favorite web site:
% ping -c 1 www.oreilly.com PING www.oreilly.com (184.108.40.206) 56(84) bytes of data. 64 bytes from www.oreillynet.com (220.127.116.11): icmp_seq=1 ttl=45 time=40.1 ms
This response verifies that the DNS servers that you use for Internet addresses are working properly. If you have a problem here, you should check your connection to your ISP's DNS servers. If your gateway computer runs on Linux, you'll find it in that computer's /etc/resolv.conf.
Alternatively, your computer gateway may not know where to route requests. The following shows that your system knows where to route request to two internal networks. But if the IP address is associated with a different network, your system doesn't know where to route the request:
% netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.0.0 * 255.255.255.0 U 0 0 0 eth1 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
What you need is a default route, which applies to IP addresses not otherwise specified. Assuming your network is connected to the Internet and the interface on the gateway that receives data from your system is 192.168.0.1, this command should solve your routing problem:
% route add default gw 192.168.0.1
And the next time you run netstat -r, you'll see the following output.
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth1
The 0.0.0.0 in the output refers to the network mask; it means that all addresses go through 192.168.0.1. Sometimes, the output also lists default as the destination address in place of 0.0.0.0; the two are synonymous when it comes to IPv4 addressing. In some cases, you may even see the fully qualified domain name (FQDN) of the gateway.
When you're able to connect to other computers on your LAN but not to an external network such as the Internet, you may have a firewall that is too restrictive. For example, the firewall could allow you to ping web sites on the Internet but not connect to those sites using TCP to get a web page.
In many cases, the only computer configured with a firewall is the gateway computer or router between your network and an external network, such as the Internet.
On the gateway computer, if you trust internal users (a big if), you may disable firewalls on the network card associated with the internal LAN. Unless you're working in a location such as an Internet café, crackers normally come from outside the network.
You might want to create defenses within your network as well. For example, you might configure outgoing email servers to stop internal users from sending out an excessive number of emails, which might qualify as spam. Or you might want to create firewalls within your network to further protect critical areas within your enterprise from external and internal users.
If you need a firewall to regulate traffic within your LAN, you'll probably need a number of open ports to support services such as Samba, NFS, and SSH. All these open ports are difficult to configure, complex to maintain, and make internal firewalls less valuable.
Because many Linux distributions configure a firewall by default, that may prevent some types of network communication within your LAN. To check the operation of, and then disable, an iptables firewall, run the following commands:
iptables -L iptables -F
The first command lists all rules currently being used to filter traffic, and the second flushes the rules so no filtering is done.
To make sure Linux doesn't reactivate the firewall the next time you reboot, you'll need to disable or delete the appropriate command file in the /etc/sysconfig directory. The file varies by distribution. SUSE encourages users to disable firewalls using YaST.
A detailed discussion of firewalls is beyond the scope of this book. For more information on firewalls, see Linux iptables Pocket Reference by Gregor Purdy (O'Reilly).
7.8.2. Physical Network Troubleshooting
Loose cables, problematic network cards, andgiven that so many of us now run wireless networksthe presence of too many walls between a wireless card and an access point are the most common reasons network connections fail. I assume that you already understand the basic functionality of network hardware; I summarize the components in Table 7-2.
When there is a solid connection between a Network Interface Card (NIC) or Hub/Switch/Router and a cable, you should see lights on each component. Generally, a solid light means you have power or connectivity; a blinking light is a sign of network activity.
7.8.3. Troubleshooting Network Services
If you've verified your physical network connections and still have problems, check your network services. Because some of these services are associated with other annoyances, this discussion is limited to general principles.
7.8.4. Wireless Network Issues
The advance of wireless networks led to additional annoyances. We've briefly addressed interference with other wireless devices. Worst of all, an unsecured wireless network makes it easy for outsiders to break in. In general, we assume that you're configuring a connection to an access point, such as a gateway router. However, it's also possible to connect wirelessly to a peer, such as a wireless card attached to a different computer.
As described in "My Wireless Card Works on Another Operating System, but Not Linux" in Chapter 5, a working wireless NIC will show up in the output to ifconfig -a.
To manage a wireless network on Linux, you need the commands associated with the wireless-tools package. (At least, that's the name of the package on Red Hat/Fedora, SUSE, and Debian.)
If your wireless card fits into a PCMCIA slot, you'll also need separate configuration files in the /etc/pcmcia directory. The package that installs these files varies by distribution and by major kernel version. Table 7-3 lists some sample names under which you can find the package.
These configuration files may not work with special wireless tools or drivers installed from third-party sources such as Linuxant (http://www.linuxant.com) or SourceForge (http://sf.net), which we discussed in more detail in Chapter 5.
Once you have the right packages installed, you can configure your wireless card from the command-line interface. The key commands are iwconfig, iwevent, iwgetid, and iwlist. Once your wireless network operates to your satisfaction, you'll need to modify the appropriate configuration files with your desired settings. The commands are described in the following subsections.
The iwevent command can help you monitor the wireless network. You can run this command in the background:
Once started, the command can help you monitor major changes to your wireless network, such as hardware, speeds, and more. Even while being run in the background, the output goes to the command console.
The iwgetid command identifies the name of the wireless network to which you're connected. For example, I might see the following output, which reflects the ESSID of my wireless network:
If this isn't the network you want, you can do something about it with the iwlist and iwconfig commands.
The iwlist command is powerful. It can help you scan available networks, manage transmission power, check available communication channels, list access points, and more. You can run it in the following format:
iwlist [device] option
Generally, it's more efficient to specify the network device when you run this command. For example, if your wireless interface is wlan0, and you want to scan available wireless network ESSIDs, run the following command:
iwlist wlan0 scanning
Key information from this output includes the frequency (channel), ESSIDs, available bit rates, signal strengths, and access modes.
Other key iwlist command options are listed in Table 7-4. In several cases, there are two options, such as rate and bit rate, that produce the same result.
In the same way you can configure a regular network card with the ifconfig command, you can configure a wireless network card with the iwconfig command: you can change access points, set bit rates, adjust transmission power, and more. Just remember that, once you've verified that your changes work, you'll need to revise the applicable configuration files or scripts for your wireless device so they take effect each time the system boots.
Running iwconfig without options returns the wireless characteristics of each wireless network device:
wlan0 IEEE 802.11-DS ESSID:"randynancy" Nickname:"unknown" Mode:Managed Frequency:2.412 GHz Access Point: 00:09:5B:FA:BB:76 Bit Rate=5.5 Mb/s Tx-Power=20 dBm RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality=38/100 Signal level=-62 dBm Noise level=-154 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0
When you specify the wireless device, you can change its configuration. For example, you may be able to connect to more than one wireless network:
# iwlist wlan0 scanning | grep ESSID ESSID:"randynancy" ESSID:"default"
You might have trouble connecting to your preferred network. In my case, I want to make sure that I connect to my home network (instead of my neighbor's network). Thus, I specify the network to which I connect as follows:
# iwconfig wlan0 essid randynancy
There are a number of other wireless characteristics that you can configure with the iwconfig command. Using the format shown in the previous example, you can change the settings described in Table 7-5.